- 6.0 Cryptography and PKI
- 6.1 Compare and contrast basic concepts of cryptography.
- 6.1.1 Symmetric algorithms
- 6.1.2 Modes of operation
- 6.1.3 Asymmetric algorithms
- 6.1.4 Hashing
- 6.1.5 Salt, IV, nonce
- 6.1.6 Elliptic curve cryptography ECC
- 6.1.7 Weak/deprecated algorithms
- 6.1.8 Key exchange
- 6.1.9 Digital signatures
- 6.1.10 Diffusion
- 6.1.11 Confusion
- 6.1.12 Collision
- 6.1.13 Obfuscation
- 6.1.14 Steganography
- 6.1.15 Stream vs. block
- 6.1.16 Key strength
- 6.1.17 Session keys
- 6.1.18 Ephemeral key
- 6.1.19 Secret algorithm
- 6.1.20 Data-in-transit
- 6.1.21 Data-at-rest
- 6.1.22 Data-in-use
- 6.1.23 Random/pseudo-random number generation
- 6.1.24 Key stretching
- 6.1.25 Implementation vs. algorithm selection
- 6.1.26 Perfect forward secrecy PFS
- 6.1.27 Security through obscurity
- 6.1.28 Common use cases
- 6.2 Explain cryptography algorithms and their basic characteristics.
- 6.3 Given a scenario, install and configure wireless security settings.
- 6.4 Given a scenario, implement public key infrastructure.
- 6.1 Compare and contrast basic concepts of cryptography.
(James Messer, Jason Dion 1, Jason Dion 2, Mike Meyers 1, Mike Meyers 2, Mike Meyers 3)
- Cryptographic terms
- Ciphertext - an encrypted message
- Cipher - the algorithm used to encrypt / decrypt
- Keys
- Add the key / keys to the cipher to encrypt
- Larger keys are generally more secure
- Some encryption methods use more than one key; every method is a bit different
- When a sender wants to transmit a private message to a recipient, the sender takes the plain text (unencrypted) message and encrypts it using an algorithm and a key. This produces a cipher text message that is transmitted to the recipient. The recipient then uses a similar algorithm and key to decrypt the cipher text and re-create the original plain text message for viewing. (Stewart)
- 6.1.1 Symmetric algorithms
(James Messer, Jason Dion, Mike Chapple)
- Single, shared key. Encrypt and decrypt with the same key.
- "Doesn't scale very well. Can be challenging to distribute." (Messer)
- Uses a shared-key algorithm / shared secret
- Fast
- The common symmetric solutions
- Advanced Encryption Standard (AES),
- Triple Data Encryption Standard (3DES),
- Data Encryption Standard (DES),
- Blowfish / Twofish,
- Rivest Cipher 4 (RC4)
- 6.1.2 Modes of operation
- Most symmetric algorithms are block ciphers or offer a block cipher function.
- There are many methods by which the plain text blocks are encrypted into cipher text blocks. (Stewart)
- Most symmetric algorithms support several modes of operation, including ECB, CBC, CTR, and GCM.
- Detailed in the Block Cipher Modes section (6.2)
- 6.1.3 Asymmetric algorithms
- AKA "public key cryptography" - two or more mathematically related keys
- Private key - keep this private
- Public key - give it away
- Only the private key can decrypt data that's encrypted with the public key
- The most widely used asymmetric cryptography solutions are as follows:
- Rivest, Shamir, and Adleman (RSA)
- Diffie-Hellman
- DSA
- PGP/GPG
- Elliptic curve cryptography (ECC)
- Key generation
- This process builds both the private and the public key at the same time
- Start with a large random number - a large prime number
- The key generation program then creates the two keys
- Symmetric keys from asymmetric keys
- A-priv + B-pub and B-priv + A-pub
- This creates a symmetric key that is identical on both sides
- 6.1.4 Hashing
(James Messer, Jason Dion, Mike Chapple)
- Hash AKA "message digest"
- "Impossible to recover the original message from the digest. Used to store passwords / confidentiality." (Messer)
- Intent: two messages won't have the same hash; otherwise there is a collision.
- Used to store passwords (we can compare passwords without knowing the actual value) - confidentiality
- Integrity - to verify that a downloaded document is the same as the original
- Hashing can be attacked using reverse engineering, reverse hash matching, or a birthday attack. These attack methods are commonly used by password-cracking tools. (Stewart)
- Hashing algorithms (detailed in 6.2)
- 6.1.5 Salt, IV, nonce
- Nonce
- A number used once, arbitrarily chosen
- Could be a counter
- When used as a salt, prevents replays
- IV: Initialization vector - a type of nonce, used for randomizing an encryption scheme (WEP / older SSL)
- Salt: a nonce used to randomize hashes
- A salt is secret data added to input material prior to the hashing process.
- Salting hashes makes the process of attacking them much more complicated and computationally intensive. (Stewart)
- 6.1.6 Elliptic curve cryptography ECC
- Asymmetric encryption uses large integers - lots of resources needed
- ECC uses curves instead of large prime numbers
- ECC uses smaller keys than non-ECC asymmetric encryption.
- "Smaller storage and transmission requirements. Perfect for mobile devices." (Messer)
- 6.1.7 Weak/deprecated algorithms
- "Strong algorithms have been around for a while." (Messer)
- Weak: WEP, DES (56-bit keys)
- Strong: PGP, AES
- 6.1.8 Key exchange
- Out-of-band key exchange: not over the 'net. Not practical.
- Common to do in-band key exchange with additional encryption. "Use asymmetric encryption to deliver a symmetric key." (Messer)
- 6.1.9 Digital signatures
- Sign with the private key, verify with the public key
- Useful for proving the integrity of a message and for authenticating the source
- Non-repudiation
- Signing and verifying a digital signature
- A hashes the plaintext with a hashing algorithm and signs the hash with A's private key
- This becomes the digital signature
- B receives this and decrypts the digital signature with A's public key
- This gives the hash of the plaintext
- B then runs the exact same hashing algorithm over the plaintext and compares the result with the original hash
- 6.1.10 Diffusion
- Change one character of the input, and many characters of the output change.
- This makes it harder to infer the input from the output
- 6.1.11 Confusion
- Confusion and diffusion are important concepts in crypto; you need both
- Encrypted data is drastically different from the plaintext.
- The process should be non-linear: no discernible patterns.
- 6.1.12 Collision
- When two inputs create the same hash.
- 6.1.13 Obfuscation
- "Process of making something unclear." (Messer)
- Difficult but not impossible to understand
- 6.1.14 Steganography
- A form of obfuscation
- Images: hiding / embedding information in a picture
- Network: embedding messages in TCP packets
- Printers: watermarks, yellow dots
- 6.1.15 Stream vs. block
- Stream ciphers:
- "If we are streaming information across the network in real time, encryption is done one bit or byte at a time. High speed, low hardware complexity." (Messer)
- "Used with symmetric encryption. (Not used in asymmetric encryption because of the overhead)" (Messer)
- Since similar information is sent frequently, the key is often combined with an initialization vector so that repeated inputs look different
- Block ciphers:
- "Fixed-length groups. Often 64-bit or 128-bit blocks." (Messer)
- "Pad added to short blocks. Each block is encrypted or decrypted independently." (Messer)
- Uses symmetric encryption
- The mode of operation depends on the requirement
- 6.1.16 Key strength
- "Large keys tend to be more secure." (Messer)
- "128-bit or larger symmetric keys are common." (Messer)
- Asymmetric encryption: "Complex calculations of prime numbers. Larger keys than symmetric encryption. Common to see key lengths of 3,072 bits or larger." (Messer)
- 6.1.17 Session keys
- "A session key is a symmetric key used for encrypting messages during a communication session. It is generated from random seeds and is used for the duration of a communication session." (Conklin)
- 6.1.18 Ephemeral key
- "Implement session keys carefully. Need to change often. Need to be unpredictable." (Messer)
- These temporary keys are called ephemeral keys
- Not incremented by one, etc.
- 6.1.19 Secret algorithm
- "Secrecy in how to apply security elements can assist in thwarting reverse engineering." (Conklin)
- "The drawback of keeping a cryptographic algorithm secret is that it reduces the testing of the algorithm by cryptographers." (Conklin)
- States of data (James Messer)
- 6.1.20 Data-in-transit
- "Transmitted over the network." (Messer)
- Transport encryption: TLS (Transport Layer Security). IPSec (Internet Protocol Security).
- 6.1.21 Data-at-rest
- On a storage device.
- Options: Whole disk encryption. Database encryption. File- or folder-level encryption. (Messer)
- Apply ACLs - only authorized users can access
- 6.1.22 Data-in-use
- "System RAM, CPU registers and cache." (Messer)
- "Almost always decrypted." (Messer)
- 6.1.23 Random/pseudo-random number generation
- "True random numbers are virtually impossible to generate from physical or algorithmic processes because of the influences associated with the underlying process. This leads to the field of pseudo-random numbers, a set of numbers that while statistically appearing to be random with respect to frequency distribution, because they are algorithmically generated, if one knows the algorithm and the seeds, one can predict future values." (Conklin)
- 6.1.24 Key stretching
- AKA "key strengthening"
- Two techniques: salting and hashing
- Salting adds a value to the encryption key to make it more complex
- Hashing adds time to the verification process by requiring more math
- Verifying one key is fast (for the user), but guessing millions of keys is slow (for the attacker)
- Two algorithms: PBKDF2 and bcrypt
- "Hash a password. Hash the hash of the password." (Messer)
- Multiplies the time required to brute force
- 6.1.25 Implementation vs. algorithm selection
- Crypto service provider
- Crypto modules
- 6.1.26 Perfect forward secrecy PFS
- Traditionally SSL/TLS used a private key stored on the web server to encrypt the data; this is risky.
- One way to avoid this single point of failure is to use PFS
- Doesn't use the server's private RSA key.
- Creates keys on the fly. Temporary.
- "Might use elliptic curve or Diffie-Hellman ephemeral." (Messer) - session keys are not kept around
- Uses more computing power.
- The browser must support PFS
- 6.1.27 Security through obscurity
- The design is not necessarily secret
- The encryption key is the only unknown
- 6.1.28 Common use cases
- Low power devices
- Mobile. Portable. Smaller symmetric key sizes. Use elliptic curve cryptography (ECC) for asymmetric encryption.
- Low latency
- Fast. Symmetric encryption. Smaller key sizes.
- High resiliency
- Larger key sizes. Hashing provides integrity.
- Supporting confidentiality
- Secret and private
- Encryption - file level, drive level, email
- Supporting integrity
- Prevent modification of data
- Validate the contents with hashes
- File downloads, passwords storage
- Supporting obfuscation
- Hide data
- Encrypted data hides the active malware code
- Decryption occurs during execution
- Supporting authentication
- Password hashing
- Protect the original password
- Add salts to randomize the stored hash
- Supporting non-repudiation
- Confirm the authenticity of data
- Digital signature provides both integrity and non-repudiation
- "You said it. You can't deny it."
- Resource vs. security constraints
- An ongoing battle
- Browser support vs. supported encryption
- VPN software support vs. supported algorithms
- 6.2 Explain cryptography algorithms and their basic characteristics.
(Mike Meyers 1, Mike Meyers 2)
- DES
- Block cipher
- Block size: 64-bit (encrypts 64 bits of data at a time)
- Key size: 56-bit (very small for today's use)
- Rounds: 16
- Easy to brute-force
- Triple DES (3DES)
- "A Triple DES (3DES) algorithm uses 48 rounds of computation. It offers high resistance to differential cryptanalysis because it uses so many rounds." (uCertify)
- 16 x 3 = 48
- Extends the use of the DES cipher
- Uses DES encryption/decryption three times
- Encrypt with the first key
- Decrypt with the second key
- Encrypt with the third key
- 3DES keying options
- Use three different keys (k1 != k2 != k3): strongest, key strength 112 bits
- Keys 1 and 3 are the same (k1 = k3 != k2): requires fewer keys, strength 80 bits
- All 3 keys the same: just like DES, insecure, but backward compatible
- Block cipher
- Block size: 64-bit
- Key size: 56-bit x 3 = 168 bits (effective key length is 112 bits)
- Rounds: 16
- Superseded by AES
- RC4: Rivest Cipher 4
- Stream cipher
- Used for network communications
- Uses a pseudorandom keystream
- 1 bit at a time
- 1 round
- Key size: variable, 40-bit -> 2048-bit
- Part of the WEP standard and WPA
- It was part of SSL, but has been removed from SSL
- Has a "biased output"
- No longer considered secure
- Advanced Encryption Standard (AES)
- Early 2000s
- Block cipher
- Block size: 128-bit (2x DES)
- Key size: 128, 192, 256-bit
- Rounds: 10, 12, 14
- Standard of the US federal government
- Took five years to standardize
- Used in WPA2
- Blowfish
- Public domain algorithm
- Block cipher
- Block size: 64-bit
- Rounds: 16
- Key size: variable (32-bit -> 448-bit)
- Created to avoid patent limitations
- Not considered secure
- Twofish
- Doubles the block size of Blowfish
- Block size: 128-bit
- Key size: variable (128, 192 and 256-bit)
- Considered secure
- GOST
- "Russian private key encryption standard that uses a 256-bit encryption key. GOST was developed as a counter to the Data Encryption Standard (DES)." (uCertify)
- CAST-128
- "A private key encryption standard that is used in Pretty Good Privacy (PGP)." (uCertify)
- IDEA
- "International Data Encryption Algorithm (IDEA) is a private key encryption standard that was developed in Switzerland. IDEA is used in PGP, and uses 128-bit encryption keys." (uCertify)
- RC5
- "RC5 is a private key encryption standard that was developed at the Massachusetts Institute of Technology. RC5 supports variable length encryption keys." (uCertify)
- Others: IDEA, RC5, RC6
-
Stream vs. block
- We take a single piece of information and cut it into fixed-size blocks
- Block size is a fixed size
- Then we perform encryption on a single block at a time
- Block cipher mode of operation - how encryption happens on blocks
- Defines the method of encryption
- May provide a method of authentication
- If the mode of operation requires a certain block size and your data doesn't fit, it gets padded
-
ECB: Electronic Codebook
- Not commonly used - too simple
- Each block is encrypted with the same key
- If our plaintext blocks are identical and we use the same key, the ciphertext blocks are identical too, which makes it too easy to figure out
-
CBC: Cipher Block Chaining
- Adds randomization to the process
- Each plaintext block is XORed with previous ciphertext block
- Adds additional randomization
- Uses an initialization vector for the first block since it doesn't get XORed with previous ciphertext
- from the second block it will be XORed with previous ciphertext
-
CTR: Counter
- Counter Mode is similar to CBC in that an additional value is added or incorporated into each block prior to encryption
- The difference is that CTR does not use a random number and does not chain the blocks.
- Instead, it uses an independent counter, which both the sender and receiver have access to.
- Each block uses a counter value as the IV, and then the counter is incremented for the next block.
- Considered strong only for ciphers using block size >128 bits (Stewart)
- Block cipher mode / acts like stream cipher
- Encrypts successive values of a "counter"
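ECB, CBC and CTR from the notes above, as an added example that is not from the original notes: a 16-byte Feistel block cipher built from HMAC-SHA256 stands in for AES (a constructed demo permutation, not a real cipher) so the modes run in plain Python. Alongside the round trips it shows the ECB pattern leak and the malleability of unauthenticated CTR that GCM's authentication tag is there to catch.

```python
import hashlib
import hmac
import os

BLOCK = 16          # block size in bytes, like AES
HALF = BLOCK // 2
ROUNDS = 4

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, half, rnd):
    # Round function: HMAC-SHA256 as a keyed PRF of (round number || half block), truncated.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]

def block_encrypt(key, block):
    """Constructed 128-bit Feistel permutation standing in for AES (demo only, not secure)."""
    if len(block) != BLOCK:
        raise ValueError("block must be exactly %d bytes" % BLOCK)
    l, r = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        l, r = r, xor(l, _f(key, r, rnd))
    return l + r

def block_decrypt(key, block):
    l, r = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):      # undo the rounds in reverse order
        l, r = xor(r, _f(key, l, rnd)), l
    return l + r

def pad(data):
    # PKCS#7-style padding: the last block is always completed (a full block if needed).
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

# ECB: every block encrypted independently with the same key, so identical plaintext
# blocks give identical ciphertext blocks (the "codebook" leak).
def ecb_encrypt(key, plaintext):
    return b"".join(block_encrypt(key, b) for b in blocks(pad(plaintext)))

def ecb_decrypt(key, ciphertext):
    return unpad(b"".join(block_decrypt(key, b) for b in blocks(ciphertext)))

# CBC: each plaintext block is XORed with the previous ciphertext block; the first
# block has no predecessor, so the IV is XORed in instead.
def cbc_encrypt(key, iv, plaintext):
    out, prev = [], iv
    for b in blocks(pad(plaintext)):
        prev = block_encrypt(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for c in blocks(ciphertext):
        out.append(xor(block_decrypt(key, c), prev))
        prev = c
    return unpad(b"".join(out))

# CTR: encrypt nonce||counter (8-byte nonce, 8-byte counter) to make a keystream and XOR
# it with the data. No chaining, no padding, same function for both directions.
def ctr_crypt(key, nonce, data):
    out = []
    for i, b in enumerate(blocks(data)):
        keystream = block_encrypt(key, nonce + i.to_bytes(BLOCK - len(nonce), "big"))
        out.append(xor(b, keystream[:len(b)]))
    return b"".join(out)

def repeated_blocks(ciphertext):
    """Number of ciphertext blocks that repeat an earlier block; >0 means a pattern leaked."""
    bs = blocks(ciphertext)
    return len(bs) - len(set(bs))

if __name__ == "__main__":
    key, iv, nonce = os.urandom(16), os.urandom(16), os.urandom(8)
    msg = b"ATTACK AT DAWN!!" * 2            # constructed: two identical 16-byte blocks
    print("ECB repeats:", repeated_blocks(ecb_encrypt(key, msg)))      # 1
    print("CBC repeats:", repeated_blocks(cbc_encrypt(key, iv, msg)))  # 0
    print("CTR roundtrip:", ctr_crypt(key, nonce, ctr_crypt(key, nonce, msg)) == msg)
```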
-
GCM: Galois/Counter Mode
- Galois Counter Mode is an advancement over CTR that adds a hashing function to confirm the integrity of deciphered data.
- However, while GCM uses hashing to check integrity, it is described as an authentication code.
- GCM, like CTR, requires blocks of at least 128 bits.
- GCM is widely used in TLS cipher suites with AES (Stewart)
- Minimum latency, minimum operation overhead
- Very efficient encryption and authentication
- Commonly used in packetized data
- Network traffic security (wireless, IPsec)
- SSH TLS
- RSA: Ron Rivest, Adi Shamir, and Leonard Adleman (Mike Chapple)
- Based on the product of two large prime numbers
- In the public domain
- Used extensively for web site encryption and digital rights management
- It's fairly slow; the modern use is for initiating communication channels to transfer symmetric keys.
- Variable-length keys between 1,024 and 4,096 bits
- Considered secure
- DSA: Digital Signature Algorithm
- Modifies Diffie-Hellman for use in digital signatures
- Combine with elliptic curve cryptography
- A Federal Information Processing Standard for digital signatures
- ECDSA - Elliptic Curve Digital Signature Algorithm
- ECC: Elliptic curve cryptography
- More efficient; requires less resources
- Suitable for mobile devices
- PGP/GPG: Pretty Good Privacy (Jason Dion, Mike Meyers, Mike Chapple)
- Combines both symmetric and asymmetric cryptography
- The sender sends the data encrypted with a random key, together with that random key encrypted with the recipient's public key
- The recipient decrypts the random key with the private key, then the data with the random key
- PGP is not an encryption algorithm; it relies on other algorithms like RSA
- Owned by Symantec
- Open standard - OpenPGP (RFC 4880)
- GNU Privacy Guard
- Diffie-Hellman (Mike Meyers, Mike Chapple)
- Allows for exchange of key over an insecure communications channel
- Does not itself encrypt or authenticate
- It's an anonymous key-agreement protocol
- Allows both sides to decide on common symmetric key
- Symmetric key derived, on each side, from a combination of one's own private key and the other party's public key
- Groups
- DHE (or EDH): Ephemeral Diffie-Hellman
- ECDHE: Combined with elliptic curve cryptography
-
MD5
- MD5 is the fifth in a series of hash functions
- MD5 produces 128 bit hashes
- MD5 is no longer secure; a collision was found in 1996.
-
SHA AKA "Secure Hash Algorithm"
- SHA-1 produces a 160-bit hash value (not secure)
- SHA-2 consists of a family of six hash functions
- It produces output of 224, 256, 384 and 512 bits
- Uses a mathematically similar approach to SHA-1 and MD5 (but no known vulnerabilities)
- SHA-3 designed to replace SHA-2
- Uses a completely different hash generation approach
- Produces hashes of user selected fixed length
-
HMAC: Hash-based Message Authentication Code (Mike Meyers)
- Combines a hash with a secret key
- e.g. HMAC-MD5, HMAC-SHA1
- Verify data integrity and authenticity
- No fancy asymmetric encryption required
- Used in network encryption protocols
- IPsec, TLS
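The integrity-and-authenticity point above, as an added example that is not from the original notes: Python's hmac module used to tag and check a message frame, next to an unkeyed digest that detects corruption but cannot say who produced the message. The frame layout and function names are this example's own.

```python
import hashlib
import hmac

TAG_LEN = 32   # bytes in a SHA-256 output

def plain_digest(message):
    # Unkeyed hash: anyone can recompute it, so it only detects accidental corruption.
    return hashlib.sha256(message).digest()

def mac_tag(key, message):
    # HMAC-SHA256: keyed, so only holders of the shared secret can produce a valid tag.
    return hmac.new(key, message, hashlib.sha256).digest()

def protect(key, message):
    """Frame as message || tag, the shape of what IPsec or TLS records carry with the data."""
    return message + mac_tag(key, message)

def open_frame(key, frame):
    """Split the frame and check the tag in constant time; return None on failure."""
    if len(frame) < TAG_LEN:
        return None
    message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(mac_tag(key, message), tag):
        return None
    return message

def open_plain_frame(frame):
    """Same framing with an unkeyed digest: whoever changes the message can simply
    recompute the digest, so a passing check proves nothing about who sent it."""
    if len(frame) < TAG_LEN:
        return None
    message, digest = frame[:-TAG_LEN], frame[-TAG_LEN:]
    return message if hmac.compare_digest(plain_digest(message), digest) else None

if __name__ == "__main__":
    key = b"shared-secret-between-the-two-endpoints"    # constructed
    frame = protect(key, b"amount=10")
    print(open_frame(key, frame))                          # b'amount=10'
    print(open_frame(key, b"amount=90" + frame[-TAG_LEN:]))  # None: tag no longer matches
    print(open_frame(b"wrong key", frame))                 # None: different key
    rewrapped = b"amount=90" + plain_digest(b"amount=90")
    print(open_plain_frame(rewrapped))                     # b'amount=90' accepted: no authenticity
```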
-
RIPEMD: RACE Integrity Primitives Evaluation Message Digest
- RIPEMD is an alternative to SHA that produces 128, 160, 256 and 320 bit hashes
- RACE: Research and Development in Advanced Communications Technologies in Europe
- Collisions found in 2004
- Effectively replaced by RIPEMD-160 (no known collision issues)
- Based upon MD4 design but performs similar to SHA-1
- RIPEMD-128, RIPEMD-256, RIPEMD-320
- Make a weak key stronger by performing multiple processes
- Hash a password. Hash the hash of the password...
- Key stretching, key strengthening
- Brute force attacks would require reversing each of those hashes
- Key stretching libraries
- bcrypt
- Generates hashes from passwords
- Extends UNIX crypt library
- Uses Blowfish cipher to perform multiple rounds of hashing
- PBKDF2: Password-Based Key Derivation Function 2 (PBKDF2)
- Part of RSA public key cryptography standards (PKCS #5, RFC 2898)
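Key stretching as described in 6.1.24 and in this section, as an added example that is not from the original notes: salted PBKDF2-HMAC-SHA256 password storage using only Python's standard library, with a self-describing record so the iteration count can be raised later. The record format and function names are this example's own, not a library's.

```python
import hashlib
import hmac
import os
import time

ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 200_000     # the stretching factor; raise it as hardware gets faster
SALT_BYTES = 16

def hash_password(password, iterations=DEFAULT_ITERATIONS, salt=None):
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)          # fresh random salt for every password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return "$".join([ALGORITHM, str(iterations), salt.hex(), dk.hex()])

def verify_password(password, record):
    """Re-derive with the salt and iteration count stored in the record; constant-time compare."""
    algorithm, iterations, salt_hex, hash_hex = record.split("$")
    if algorithm != ALGORITHM:
        raise ValueError("unsupported record format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), bytes.fromhex(salt_hex),
                             int(iterations), dklen=32)
    return hmac.compare_digest(dk, bytes.fromhex(hash_hex))

def needs_rehash(record, target_iterations=DEFAULT_ITERATIONS):
    """True when a stored record was made with fewer iterations than current policy."""
    return int(record.split("$")[1]) < target_iterations

def unsalted_hash(password):
    # What NOT to do: a plain hash is identical for every user with the same password
    # and can be looked up in a precomputed table.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def seconds_per_guess(iterations):
    """Time one derivation so the cost of a brute-force guess can be estimated."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"timing-probe", b"\x00" * SALT_BYTES, iterations)
    return time.perf_counter() - start

if __name__ == "__main__":
    a = hash_password("correct horse battery staple")
    b = hash_password("correct horse battery staple")
    print("same password, different records:", a != b)       # True: the salt differs
    print("verify ok:", verify_password("correct horse battery staple", a))
    print("verify wrong:", verify_password("Correct horse battery staple", a))
    t = seconds_per_guess(DEFAULT_ITERATIONS)
    print("one guess: %.3fs, one million guesses: %.1f hours" % (t, t * 1e6 / 3600))
```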
- Obfuscation (James Messer)
- Not impossible to understand, but made unclear
- Make source code difficult to read
- But doesn't change functionality of the code
- Steganography (Mike Chapple)
- XOR (Exclusive OR) cipher
- Same? 0. Different? 1.
- Used extensively in cryptography
- Theoretically unbreakable method of obfuscating data
- Substitution ciphers
- e.g. A -> Z, B -> E
- e.g. Caesar cipher
- Easy to brute force
- ROT13
- Rotate by 13 places and substitute one letter with another
- Cryptographic protocols (James Messer)
- Don't use WEP
- WPA (Wifi Protected Access)
- RC4 with TKIP (temporal Key Integrity Protocol)
- Initialization Vector (IV) is larger and an encrypted hash
- Every packet gets a unique 128-bit encryption key
- CCMP
- TKIP: Temporal Key Integrity Protocol
- Combines the secret root key with the IV
- Adds sequence counter
- Prevents replay attacks
- Has its own set of vulnerabilities
- Deprecated in the 802.11-2012 standard
- WPA2
- AES (Advanced Encryption Standard) replaced RC4
- CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) replaced TKIP
- CCMP block cipher mode
- Uses AES for data confidentiality
- 128-bit key and a 128-bit block size
- Requires additional computing resources
- Data confidentiality (AES), authentication, and access control
- Wireless authentication protocols (James Messer, Mike Meyers, Jason Dion)
- Wireless communications need to be encrypted and properly authenticated in order to be considered secure. This section examines various options of authentication available for wireless. (Stewart)
- EAP: Extensible authentication protocol
- Authentication framework
- WPA and WPA2 use five EAP types as authentication mechanisms
- EAP-FAST: EAP Flexible Authentication via Secure Tunneling
- Cisco's proposal to replace LEAP (Lightweight EAP - previously used with WEP)
- Lightweight and secure
- EAP-TLS: EAP Transport Layer Security
- Strong security, wide adoption
- Supported by most of the industry
- EAP-TTLS: EAP Tunnel Transport Layer Security
- Support other authentication protocols in a TLS tunnel
- Use any authentication you can support, maintain security with TLS
- PEAP: Protected Extensible Authentication Protocol
- Protected EAP
- Created by Cisco, Microsoft, and RSA Security
- "PEAP (Protected Extensible Authentication Protocol) creates a TLS (Transport Layer Security) tunnel by acquiring a PKI certificate from a CA." (uCertify)
- Encapsulates EAP in a TLS tunnel, one certificate on the server
- Combined a secure tunnel and EAP
- Commonly implemented as PEAPv0/EAP-MSCHAPv2
- Authenticates to Microsoft's MS-CHAPv2 databases
- IEEE 802.1x
- Port based Network Access Control (NAC)
- You don't get access until you authenticate
- Used in conjunction with an access database
- RADIUS
- LDAP
- TACACS+
- Devices
- Supplicant (workstation)
- Authenticator (switch)
- Authentication server
- RADIUS Federation
- Members of one organization can authenticate to the network of another organization
- Use their normal credentials
- Driven by eduroam (education roaming)
- Educators can use their normal authentication when visiting a different campus
- eduroam.org
- Methods (James Messer)
- PSK vs. Enterprise vs. Open
- Open
- No authentication needed
- WPA-Personal / WPA-PSK
- PSK: Preshared Key
- WPA2 with a preshared key
- Everyone uses the same 256-bit key
- WPA-Enterprise / WPA-802.1X
- Authenticates user individually with an authentication server (i.e. RADIUS)
- "WPA-Enterprise offers a decent level of encryption (WPA) as well as a powerful means of authorization (Enterprise)." (uCertify)
- Open
- Captive portals
- Access table recognizes lack of authentication
- Redirect your web access to a captive portal page
- Once authenticated, the web session continues
- WPS
- Wi-Fi Protected Setup
- Designed for easy setup without long passphrase
- e.g. pin, button, NFC
- Flaw found in 2011, part of original design
- 6.4 Given a scenario, implement public key infrastructure.
(Jason Dion 1, Jason Dion 2, Mike Meyers 1, Mike Meyers 2)
-
Digital Signature (Mike Chapple)
- Uses asymmetric cryptography to achieve integrity, authentication and non-repudiation
- A digital signature is the hash / message digest of a message encrypted with a private key
- What the signed message recipient knows
- The owner of the public key is the person who signed (created) the message - authentication
- The message was not altered after being signed - integrity
- The recipient can prove these facts to a third party - non-repudiation
- What digital signatures depend on
- Collision-resistant hash functions (no two inputs produce the same output)
- Asymmetric cryptography (anything encrypted with one key of a key pair can only be decrypted with the other key of that pair)
- Uses the private key for encryption and the public key for decryption (the reverse of other uses like sending a secret message; this verifies that only the person with the private key could have signed it)
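The sign-and-verify procedure from 6.1.9 and this section, as an added example that is not from the original notes: textbook RSA over SHA-256 with constructed small Mersenne primes so the arithmetic can be followed by hand. This is not a secure key: real deployments use 2048-bit or larger random primes and a padding scheme such as RSA-PSS instead of the plain digest reduction used here.

```python
import hashlib

# Constructed demo key: two Mersenne primes small enough to follow (NOT secure).
P = 2 ** 31 - 1
Q = 2 ** 61 - 1
E = 65537

def generate_keypair(p=P, q=Q, e=E):
    """Textbook RSA: n = p*q, d = e^-1 mod (p-1)(q-1). Returns (public, private)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def message_digest(message, n):
    """SHA-256 of the message as an integer below the modulus (toy reduction mod n;
    real schemes pad the digest to the modulus size instead of reducing it)."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return h % n

def sign(private_key, message):
    """Hash, then 'encrypt' the digest with the private exponent: sig = h^d mod n."""
    n, d = private_key
    return pow(message_digest(message, n), d, n)

def verify(public_key, message, signature):
    """'Decrypt' the signature with the public exponent and compare to a fresh digest."""
    n, e = public_key
    if not 0 < signature < n:
        return False
    return pow(signature, e, n) == message_digest(message, n)

if __name__ == "__main__":
    public, private = generate_keypair()
    msg = b"pay 100 to alice"                                    # constructed message
    sig = sign(private, msg)
    print("signature:", sig)
    print("valid:", verify(public, msg, sig))                    # True
    print("tampered:", verify(public, b"pay 900 to alice", sig)) # False: integrity
    other_public, _ = generate_keypair(p=2 ** 19 - 1, q=2 ** 17 - 1)
    print("wrong key:", verify(other_public, msg, sig))          # False: authentication
```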
-
Components (James Messer, Jason Dion)
- Key management lifecycle
- Key generation
- Create a key with the requested strength using the proper cipher
- Certificate generation
- Allocate a key to a user
- Distribution
- Make the key available to the user
- Storage
- Securely store and protect against unauthorized use
- Revocation
- Manage keys that have been compromised
- Expiration
- A certificate may only have a certain "shelf life"
- Certificate (Mike Chapple)
- Public key certificate
- Binds a public key with a digital signature
- And other details about the key holder
- Digital signature adds trust
- PKI uses Certificate Authority (CA) for additional trust
- Web of Trust adds other users for additional trust
- Certificate creation can be built into the OS
- Digital certificate format
- Version: The X.509 version supported (V1, V2, V3)
- Serial number
- Signature algorithm
- Issuer
- Name of the CA, expressed as a Distinguished Name (DN)
- Valid From / Valid To
- Subject
- Name of the certificate holder, expressed as a Distinguished Name (DN)
- Public Key
- Extensions
- Extended attributes, e.g. friendly subject and issuer names, contact email addresses, intended key usage
- CA: Certificate Authority (Mike Chapple)
- RA: Registration Authority
- Forwards certificate request to CA
- Root CA
- e.g. Verisign, Digisign
- Commercial
- Purchase your web site certificate
- It will be trusted by everyone's browser
- Create the key pair, send the public key to the CA to be signed
- A certificate signing request (CSR)
- Private certificate authorities
- Your devices must trust the internal CA
- Needed for medium-to-large organizations
- Many web servers and privacy requirements
- PKI trust relationships
- Single CA
- Everyone receives their certificates from one authority
- Hierarchical
- Single CA issues certs to intermediate CAs
- Distributes the certificate management load
- Easier to deal with the revocation of an intermediate CA than of the root CA
- Intermediate CA
- Key revocation
- CRL: Certificate Revocation List (CRL)
- Maintained by the Certificate Authority (CA)
- OCSP: Online Certificate Status Protocol
- The browser can check certificate revocation
- Using serial number
- Doesn't use encryption
- Doesn't scale well
- Public key
- "Public keys are the key from the key pair that are intended to be freely shared with the message—to everyone, hence the term public." (Conklin)
- Private key
- "The private key is the key from the key pair that is to be protected from all outside actors." (Conklin)
- Object identifiers (OID)
- "Each extension, or optional field, to a certificate has its own ID, expressed as an object identifier (OID), which is a set of values, together with either a critical or noncritical indication." (Conklin)
-
Concepts (James Messer)
- Online vs. offline CA
- Root CA can be taken offline when load is distributed to intermediate CAs
- OCSP Stapling
- The device that holds the certificate verifies its own status
- Status information is stored on the certificate holder's server
- Allows the certificate holder to get the OCSP record from the server at regular intervals and include it as part of the SSL or TLS handshake
- OCSP status is "stapled" into the SSL/TLS handshake
- Digitally signed by the CA
- Pinning
- Allows an HTTPS website to resist impersonation attacks by presenting a set of trusted public keys to the user's web browser as part of an HTTP header
- Application has hardcoded the server's certificate into the application itself
- Trust model (Mike Chapple)
- "Automatically updates browsers with a list of certificates for applications." (Dion)
- "Defines how various certificate authorities (CAs) trust each other." (uCertify)
- Single CA
- Everyone receives their certificates from one authority
- Hierarchical
- Single CA issues certs to intermediate CAs
- Mesh
- Cross-certifying CAs
- Doesn't scale well
- Web-of-trust
- Alternative to traditional PKI
- Mutual authentication
- Server authenticates to the client and the client authenticates to the server
- Key escrow (Mike Chapple)
- Third party holds decryption keys
- Occurs when a secure copy of a user's private key is held in case the user accidentally loses their key.
- Can help "ensure that the organization continues to have access to the [terminated] employee's private keys." (uCertify)
- Key Recovery Agent
- A specialized type of software that allows a lost or corrupted key to be restored
- Certificate chaining
- Connection between all CAs
- Starts with SSL certificate
- And ends with the Root CA certificate
- Chain certificates, intermediate certificates
- Web server needs to be configured with the proper chain
-
Types of certificates (James Messer, Jason Dion)
- Root certificate
- Everything starts here
- Issues intermediate CA certificates
- Web server SSL certificates
- DV: Domain validation certificate
- Owner of the certificate has some control over a DNS domain
- Extended validation certificate (EV)
- Additional checks have verified the certificate owner's identity
- Green name in the address bar
- SAN: Subject Alternative Name
- Extension to an X.509 certificate
- Lists additional identification information
- Allows a certificate to support many different domains
- Wildcard
- Certificates are based on the name of the server
- A wildcard domain will apply to all server names in a domain
- *.domain.com
- Self-signed
- Don't need to be signed by a public CA
- Your company is the only one going to use it
- No need to purchase trust for devices that already trust you
- Build your own CA
- Install the internal CA chain on all devices
- Machine/computer certificates
- Put signed certificate on device to authenticate
- Other business processes rely on the certificate
- Access to the remote access VPN from authorized devices
- Management software can validate end device
- User certificates
- ID "card"
- Commonly in smart cards or mobile device
- Email certificates
- Needs public key
- Digital signature
- Code signing certificate
- Applications can be signed by the developer
-
Certificate formats (James Messer)
- X.509 digital certificates
- The structure of the certification is standardized
- DER: Distinguished Encoding Rules
- Designed as a transfer syntax for data structures
- Very specific encoding format
- Perfect for an X.509 certificate
- Binary format
- Uses the .DER, .CRT and .CER file extensions
- "By default, Windows exports certificate files as Distinguished Encoding Rules (DER) encoded files." (uCertify)
- PEM: Privacy-Enhanced Mail
- Common format similar to DER
- ASCII format
- Convert with openssl
- Uses the file extensions .PEM and .CRT
- P12
- PKCS #12: Public Key Cryptography Standard #12
- Store many X.509 certificates in a single .p12 file
- Often used to transfer a private and public key pair
- Container can be password protected
- PFX
- "Used by Microsoft and contains both the public and private keys." (uCertify)
- Extended from Microsoft's .pfx format
- Similar to PKCS #12
- "PFX and P12 are the most common file types for exporting the private key." (uCertify)
- CER: Certificate
- "It does not support storage of the private key or certification path." (uCertify)
- Primarily a Windows X.509 file extension
- Can be encoded in the binary DER format or as the ASCII PEM format
- Usually contains a public key
- Private keys would be transferred in the .pfx file format
- Common format for Windows certificates
- Look for the .cer extension
- P7B
- PKCS #7: Public Key Cryptography Standard #7
- Cryptographic Message Syntax Standard
- Associated with the .p7b file
- Stored in ASCII format
- Human-readable
- Contains certificates and chain certificates
- Private keys are not included in a .p7b file
- Wide platform support
- Microsoft Windows
- Java Tomcat
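The DER and PEM formats above, as an added example that is not from the original notes: a minimal DER encoder/decoder that builds a constructed, truncated X.509-style structure (version, serial number and signature algorithm only; not a usable certificate), reads those fields back, and round-trips it through Python's ssl PEM helpers to show that PEM is base64-armored DER.

```python
import ssl

def tlv(tag, content):
    """DER Tag-Length-Value: short-form length below 128 bytes, long-form otherwise."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content

def der_integer(value):
    # Non-negative INTEGER; a leading 0x00 is added when the top bit would be set.
    return tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])       # the first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))        # base-128, high bit = "more follows"
            arc >>= 7
        body.extend(reversed(chunk))
    return tlv(0x06, bytes(body))

def parse_tlv(data, pos=0):
    """Return (tag, content, position just after this element)."""
    tag, first = data[pos], data[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(data[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, data[pos:pos + length], pos + length

def children(content):
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = parse_tlv(content, pos)
        out.append((tag, body))
    return out

def decode_oid(content):
    arcs, value = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def build_demo_certificate():
    """Constructed, truncated Certificate ::= SEQUENCE { tbsCertificate SEQUENCE {...} }
    carrying only the first three tbsCertificate fields; not a real certificate."""
    version = tlv(0xA0, der_integer(2))                  # [0] EXPLICIT; X.509 v3 is encoded as 2
    serial = der_integer(0x0123456789ABCDEF)             # constructed serial number
    sig_alg = tlv(0x30, der_oid("1.2.840.113549.1.1.11") + b"\x05\x00")  # sha256WithRSAEncryption, NULL
    tbs = tlv(0x30, version + serial + sig_alg)
    return tlv(0x30, tbs)

def summarize(der):
    """Read version, serial number and signature algorithm OID from the DER bytes."""
    tag, cert, _ = parse_tlv(der)
    if tag != 0x30:
        raise ValueError("certificate must start with a SEQUENCE")
    fields = children(children(cert)[0][1])              # tbsCertificate fields
    version = int.from_bytes(children(fields[0][1])[0][1], "big") + 1
    serial = int.from_bytes(fields[1][1], "big")
    sig_alg = decode_oid(children(fields[2][1])[0][1])
    return {"version": version, "serial": serial, "signature_algorithm": sig_alg}

def to_pem(der):
    # PEM = base64 of the DER bytes in 64-character lines between BEGIN/END markers.
    return ssl.DER_cert_to_PEM_cert(der)

def from_pem(pem):
    return ssl.PEM_cert_to_DER_cert(pem)

if __name__ == "__main__":
    der = build_demo_certificate()
    pem = to_pem(der)
    print(pem)
    print(from_pem(pem) == der)      # True: same bytes, different encoding
    print(summarize(der))
```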